b'         Security Controls Over the FDIC\xe2\x80\x99s Wireless Data Communications\n                                                          March 2006\n                                                        Report No. 06-012\n\n\n                                            SUMMARY OF AUDIT REPORT\n\n\n\n\n                                            Results of Audit\n\n\n                                            The FDIC established and implemented security controls for its wireless data\n                                            communications that were generally consistent with the National Institute of\n                                            Standards and Technology\xe2\x80\x99s recommended practices. Such controls include\n                                            policies to govern the deployment of wireless-enabled devices connected to the\n                                            FDIC\xe2\x80\x99s corporate network, security software to authenticate wireless users to the\n                                            corporate network and protect the confidentiality of their communications, and\nBackground and                              procedures to assess wireless security activities. However, additional controls are\n                                            needed to provide reasonable assurance of adequate security\nPurpose of Audit\n                                            Recommendations and Management Response\n\n                                            KPMG recommended that the FDIC\xe2\x80\x99s Chief Information Officer (CIO):\nThe Federal Deposit Insurance\nCorporation (FDIC) Office of\n                                                z   enhance the Corporation\xe2\x80\x99s wireless security policies and awareness\nInspector General (OIG) contracted\n                                                    training; and\nwith KPMG LLP (KPMG) to audit and\nreport on the security of the FDIC\xe2\x80\x99s\nwireless data communications. The               z   restrict access to critical software programs designed to safeguard wireless\nresults of this audit support the FDIC              data communications.\nOIG in fulfilling its evaluation and\nreporting responsibilities under the        The CIO provided written comments that were responsive to the report\xe2\x80\x99s\nFederal Information Security                recommendations. Because this report addresses issues associated with\nManagement Act (FISMA) of 2002.             information security, we do not intend to make public release of the specific\n                                            contents of the report.\nWireless technology offers federal\nagencies a number of important\nbenefits, such as increased\nemployee productivity and ease of\nnetwork installation. However, this\ntechnology also presents a number\nof potentially significant security risks\nto the confidentiality, availability, and\nintegrity of sensitive information.\nSuch risks include the interception of\ncommunications not intended for\npublic disclosure, denial of service\nattacks, and unauthorized\ndeployment of wireless-enabled\ndevices.\n\nThe audit objective was to determine\nwhether the FDIC has established\nand implemented security controls\nthat provide reasonable assurance\nthat its wireless data communications\nare adequately protected.\n\x0c'